
ZOOM has released a patch for a critical Windows account takeover flaw tracked as CVE-2026-53412, as detailed in Zoom's security bulletin. The bug allows unauthenticated attackers to seize control of user accounts on affected Windows clients.
According to SecurityAffairs, the vulnerability carries a CVSS score of 9.8 and impacts Zoom Desktop Client, VDI Client and Meeting SDK for Windows versions that predate the fix. The report notes that the flaw arises from improper validation of authentication tokens, enabling token reuse or prediction.
In addition, Zoom addressed CVE-2026-53409, CVE-2026-53410 and CVE-2026-53411, each scored at CVSS 8.8, which could allow privilege escalation on a compromised host. The Hacker News coverage explains that none of these issues are currently under active exploitation.
The flaws were disclosed via Zoom's bug bounty program and detailed in security bulletin ZSB-26014. While threat actors have not been seen exploiting these issues in the wild, their high severity makes rapid patching advisable.
Administrators should confirm that all Windows devices run Zoom Desktop Client version 5.16.0 or newer, VDI Client version 2.0.0 or newer, and that Meeting SDK components are updated to the latest release. Turning on automatic update features and conducting an inventory audit can help eliminate outdated installations.
Defenders should also review login logs for irregular token requests, enforce multi-factor authentication for Zoom users and consider blocking legacy client versions through group policy settings. Monitoring Zoom's security advisories will ensure any further guidance is applied promptly.